package servlet.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import model.VBackAdminUser;


/*
 * 是否登录的身份验证过滤器
 * 说明：当发现请求网页中的session没有username时，将所有非login.jsp网页重定位到login.jsp中/
 * 
 */
public class LoginFilter extends HttpServlet implements Filter {
	
	public void doFilter(ServletRequest sRequest, ServletResponse sResponse,
			FilterChain filterChain) throws IOException, ServletException {
		
		HttpServletRequest request = (HttpServletRequest) sRequest;      
        HttpServletResponse response = (HttpServletResponse) sResponse;      
        HttpSession session = request.getSession();      
      
        String url=request.getServletPath();  
       
        if(url.equals("")) url+="/";
        url = url.toLowerCase(); 
        if(url.indexOf(".jsp")>0 || url.indexOf(".html")>0 ||
        		url.indexOf(".htm")>0){
        	//把不需要用户登录的页面排除掉，这些也不作为过滤器的审查范围
        	if(!url.endsWith("login.jsp") && !url.endsWith("clouduseractivate.jsp")){//如果不是login.jsp页面，则重定向，否则防止出现死循环 
        		VBackAdminUser user=(VBackAdminUser)session.getAttribute("backUser");
        		//未来还要判断adminUser在该页面上有无权限
	             if(user==null){
	            	 //System.out.println("---执行过滤器---");
	            	 response.sendRedirect("../html/login.jsp");
	                 return;  

	             }  
	        } 
        }
        filterChain.doFilter(sRequest, sResponse);    
	}

	public void init(FilterConfig filterConfig) throws ServletException {
		// TODO Auto-generated method stub
		
	}
}
